Maël
Forum Replies Created
Forum: Plugins
In reply to: [Post View Count] Warning – Attempt to read property “ID” on null
Hi @dipakparmar443,
Thank you so much for your hard work on this plugin! The latest 3.0 version fixes the problem I had. Thank you again for your responsiveness, I wish you a pleasant day!
Forum: Plugins
In reply to: [Post View Count] Warning – Attempt to read property “ID” on null
Hi @dipakparmar443,
Thanks for your quick response.
The website in question is using the Twenty Twenty-Three theme, I believe this is a default theme of WordPress, but I still get the warning.
I understand caching could be a problem for post views, and I disabled mine, but the warning still appears.
I cannot guarantee that none of the plugins I use override the $post variable, but I use a WordPress theme and only mainstream plugins, nothing too fancy. Also, if some plugin collided with the $post global variable, I believe I would have other, worse problems, which I have not in my case.
I quickly peeked at the place in the code where the warning says it occurs:
    public function ngd_insertProcessPostviewFun() {
        global $user_ID, $post;
        if ( is_int( $post ) ) {
            $post = get_post( $post );
        }
        $id = (int) $post->ID; // <- this line
        // ...
    }
I don’t know your codebase, so maybe you have a null check somewhere else, but in this function where the post gets used it doesn’t seem to check. If it is called and the $post is null (since it does not exist), the function will still try to read its ID, resulting in a technical warning being printed to an end-user facing page.
Or maybe I should wait longer after disabling the cache? I only disabled it for a few hours.
Thanks for your time!
Hi @shanedelierrr, thank you for your help and quick answer, very appreciated!
Forum: Plugins
In reply to: [Post View Count] Cross Site Request Forgery (CSRF) vulnerability
Forum: Plugins
In reply to: [Post View Count] Cross Site Request Forgery (CSRF) vulnerability
Hello @dipakparmar443,
My bad, the plugin does not show any warning indeed. However, the vulnerability on Patchstack does not appear as having a patch. Maybe they just did not catch up to the current plugin version, but in the long term it might be a good idea to tell them it is fixed.
I don’t know how those things work though…
Thank you for your time and efforts, very appreciated!
Forum: Plugins
In reply to: [Post View Count] Cross Site Request Forgery (CSRF) vulnerability
Hello,
Maybe you should contact Patchstack. I’m sure the issue is fixed if you say so, but they might not be aware of it.
I use SolidSecurity as a plugin, and they detect vulnerabilities using Patchstack, so if the vulnerability is not marked as fixed on Patchstack, security plugins might continue to warn the admins about it.
Hope it helps, have a nice one!
Forum: Plugins
In reply to: [Post View Count] Post View 2.01 Causes Security Check error in WP
Hello @dipakparmar443,
I have the same problem on the websites I use the plugin on. I had a peek at the code and I think I found what could be the issue.
The website displays “Security check” as a message, just as if the execution had ended in a die("Security check"); instruction.
This could come from different places in the code, but the most probable is the ngd_hits_column_orderby function in the add-post-column.php file. This is called on the request hook, which is used even on public pages. In this function, the plugin makes a check for the current user to have manage_options privileges (which obviously the user does not have if they’re not even logged in), resulting in a “Security check” message for unauthorized users.
I tried altering the code on my test website, changing:
    if ( !current_user_can('manage_options')) {
        die( __( 'Security check.', 'wp-simple-post-view' ) );
        return;
    }
To:
    if (!current_user_can( 'manage_options')) {
        return $vars;
    }
Seems like it did the trick for me.
Other possible sources of this message are the wp-simple-post-view.php file and the uninstall.php, the last one being very unlikely in this case.
Hope this helps, have a nice one!
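The two fixes discussed in these replies (returning the query vars from a request filter instead of calling die(), and checking that a post exists before reading its ID), as an added example that is not the plugin's code or part of the original posts. The function names and the example_hits meta key are hypothetical.

```php
<?php
// Added example, not the plugin's code. Function names and the
// 'example_hits' meta key are hypothetical.

// A 'request' filter also runs on front-end requests, so it must always
// return the query vars. Visitors without the capability get them back
// unchanged instead of hitting die().
add_filter( 'request', 'example_hits_orderby' );
function example_hits_orderby( $vars ) {
    if ( ! is_admin() || ! current_user_can( 'manage_options' ) ) {
        return $vars; // not an admin list-table request: leave the query alone
    }
    if ( isset( $vars['orderby'] ) && 'example_hits' === $vars['orderby'] ) {
        $vars['meta_key'] = 'example_hits';
        $vars['orderby']  = 'meta_value_num';
    }
    return $vars;
}

// Counting a view: resolve the post first and stop quietly when there is
// none (404s, archives, search results) instead of reading ->ID on null.
add_action( 'wp_head', 'example_record_view' );
function example_record_view() {
    if ( ! is_singular() ) {
        return;
    }
    $post = get_post( get_queried_object_id() );
    if ( ! $post instanceof WP_Post ) {
        return;
    }
    $hits = (int) get_post_meta( $post->ID, 'example_hits', true );
    update_post_meta( $post->ID, 'example_hits', $hits + 1 );
}
```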
Forum: Plugins
In reply to: [Post View Count] Cross Site Request Forgery (CSRF) vulnerability
I’d gladly see what I can do, but I don’t think the plugin is open-source, is it? The repository I found is from 3 years ago.
Forum: Plugins
In reply to: [Post View Count] Cross Site Request Forgery (CSRF) vulnerability
I also still get the medium security warning. Are the online databases out of date on this one?